Machine Learning Enabled Security Platform
OBJECTIVES/GOAL
Our customer wanted to develop a comprehensive security platform that integrates NGFW, IPS and WAF. They wanted the platform to allow their own proprietary ML-based security module to be plugged in, and to support monitoring and scanning of traffic at rates of up to 15 Gbps.
CHALLENGES
- Integrating many diverse pieces of open-source software, such as DPDK, VPP, Snort, SSLsplit and ModSec.
- Achieving 15 Gbps of throughput with CPU-intensive services such as Snort, ML and ModSec.
ACCOMPLISHMENTS
Developed the security platform, then integrated and tested the following security features:
- Web Application Firewall with OWASP Top 10 checks
- Intrusion Detection and Prevention
- Spyware, ransomware, and Advanced Persistent Threat detection using machine learning
Also added support for running multiple concurrent instances of different security services.
TECHNOLOGIES
DPDK, VPP, Snort, ModSec, SSLsplit
SOLUTION ARCHITECTURE
- Used the DPDK + VPP software stack to provide Layer 2-4 networking and a stateful firewall.
- Utilized open-source components for IPS (Snort), SSL proxy (OpenSSL and SSLsplit) and WAF (ModSec).
- By fully harnessing the power of multicore CPUs and using multiple instances of individual services, we were able to split the load between services and process multiple sessions in parallel.
- We defined configurable service chain rules per flow of packets, so that a packet is received and handled only by the services configured for it.
- Utilized Intel Hyperscan technology to speed up pattern and signature matching for ML.